[PATCH] Add script to rewrite manifest to workaround lack of parent deltas

Benoit Boissinot benoit.boissinot at ens-lyon.org
Tue Aug 25 02:21:30 CDT 2009

On Mon, Aug 24, 2009 at 09:57:37PM -0400, Greg Ward wrote:
> On Mon, Aug 24, 2009 at 5:39 PM, Benoit
> Boissinot<benoit.boissinot at ens-lyon.org> wrote:
> >> 1) except tempfile.mktemp() is unsafe and should not be used
> >
> > Not more unsafe than using a chosen prefix.
> Huh??  mktemp() is unsafe because there is a race condition: the
> function finds an unused filename and returns it to you.  Attacker
> creates file as a symlink to /etc/passwd.  Then you open it in
> truncate mode and clobber /etc/passwd.  mkstemp() avoids this by
> returning an open file descriptor along with the filename.  So how
> does having a known prefix make mkstemp() less secure?  (And isn't the
> default prefix -- "tmp" -- even more "known" than a chosen prefix that
> I pass in?)

Sorry, I meant suffix. Using mktemp() is not really different than using
00manifest.i.old/00manifest.d.old, is it?
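
Added example, not part of the original message or of the Mercurial patch: a Python sketch of what the thread is debating, run entirely inside a throwaway directory. It shows a predictable name (here 00manifest.i.old) that already exists as a symlink being followed by a truncating open(), refused by an O_CREAT|O_EXCL open, and avoided by mkstemp(). The function names and victim.txt are hypothetical and constructed for the demo.

```python
import os
import tempfile

def naive_write(path, data):
    """Open a predictable name in truncate mode; an existing symlink is followed."""
    with open(path, "wb") as f:
        f.write(data)

def exclusive_write(path, data):
    """Create the file only if the name does not exist yet.

    With O_CREAT | O_EXCL, open() fails with EEXIST when the path exists,
    including when it is a symlink, so nothing is followed or truncated.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)

def demo():
    """Run both writers against a name that was planted as a symlink first."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        victim = os.path.join(workdir, "victim.txt")  # constructed stand-in file
        with open(victim, "wb") as f:
            f.write(b"important\n")
        # Constructed scenario: the predictable name already exists as a symlink.
        predictable = os.path.join(workdir, "00manifest.i.old")
        os.symlink(victim, predictable)

        try:
            exclusive_write(predictable, b"backup\n")
            results["exclusive"] = "written"
        except FileExistsError:
            results["exclusive"] = "refused"
        with open(victim, "rb") as f:
            results["victim_after_exclusive"] = f.read()

        naive_write(predictable, b"backup\n")
        with open(victim, "rb") as f:
            results["victim_after_naive"] = f.read()

        # mkstemp() chooses the name and creates it exclusively in one step,
        # returning the open descriptor together with the path.
        fd, name = tempfile.mkstemp(suffix=".old", dir=workdir)
        os.close(fd)
        results["mkstemp_is_symlink"] = os.path.islink(name)
    return results

if __name__ == "__main__":
    print(demo())
```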



